AUDIT WORK PROGRAM

PLANNING MEMO
AREA REVIEWED
DATE

INTRODUCTION

(REPLACE WITH YOUR INTRODUCTION)

At the request of management Internal Audit performed a review on Office Security within
Windows 2000 Operating System.

Per our mandate as documented in the Internal Audit Charter: “Internal Audit staff shall have
authority to access and examine all information, both paper-based documents and electronic
information residing on computers systems, and to inspect all physical assets. However, they
shall safeguard any assets or information that they examine and maintain the confidentiality
of all information”. Therefore any restriction to information shall be construed as limitation of
our scope and will be reported to the Board and the Audit Committee.

BACKGROUND

(REPLACE WITH YOUR BACKGROUND)

The telecommunications industry is very competitive. The security of documents and other
confidential related matters is crucial to the group.

AUDIT OBJECTIVES AND SCOPE

(REPLACE WITH YOUR AUDIT OBJECTIVES AND SCOPE)

Objectives and Scope

To provide executive management with an opinion on the security of word documents / office
files within Windows 2000.

The review will cover:

- Security Settings
- Account Policies

Internal Audit Page 1 of 3 Confidential

 AUDIT WORK PROGRAM
PLANNING MEMO
AREA REVIEWED
DATE
- Local Policies
- User Rights
- Security Options
- Passwords

OVERALL RISK EXPOSURE

AUDIT APPROACH

(REPLACE WITH YOUR AUDIT APPROACH)

There are a number of distinct stages in the internal audit process, all of which contribute to a successful
conclusion. The auditor in charge is responsible for ensuring that the process is complied with. The various
stages include:
 Opening meeting, Planning and risk analysis
 Fieldwork or testing & evaluation of internal controls
 Draft report and closing meeting

The techniques used in testing and evaluating internal controls will include:

 Interviews and inquiry

 Inspection & confirmation of documentation (including policies and procedures)
 Observation and re-performance of procedures
 Perform selected testing on transactions/activities etc
 Perform analytical procedures (including ratio analysis, financial impact analysis, interrelationships in
data etc).

AUDIT TEAM ASSIGNED

NAME ROLES

Internal Auditor

ACTIVITIES AND DELIVERABLES

Internal Audit Page 2 of 3 Confidential

 AUDIT WORK PROGRAM
PLANNING MEMO
AREA REVIEWED
DATE
ACTIVITIES AND DELIVERABLES PRELIMINARY DATES

Audit preparation and Planning

Fieldwork and Review

Draft Report

Final Report

At the conclusion of each audit, a draft report is prepared containing all findings and
recommendations for improving controls and increasing efficiencies and promoting cost savings.

Audit findings are categorized according to high, medium and low risk. The assessment is based
on the impact, probability and controllability aspects of risk on the business.

A copy of the draft is sent to management prior to closing meeting for management’s preliminary
review and comment. The draft report will be discussed at the closing meeting. Management’s
action plan are discussed and included as part of the final report.

Internal Audit Page 3 of 3 Confidential